{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-36288", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-21T11:16:40.621Z", "datePublished": "2024-06-21T11:18:46.152Z", "dateUpdated": "2024-12-19T09:01:07.206Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:01:07.206Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/auth_gss/svcauth_gss.c"], "versions": [{"version": "ab8466d4e26806a4ae82c282762c4545eecf45ef", "lessThan": "57ff6c0a175930856213b2aa39f8c845a53e5b1c", "status": "affected", "versionType": "git"}, {"version": "4420b73c7f26fd5fcb37bbce5313dd356ef1b3ca", "lessThan": "6ed45d20d30005bed94c8c527ce51d5ad8121018", "status": "affected", "versionType": "git"}, {"version": "f148a95f68c66c1b097391b68e153d5a46f0e780", "lessThan": "4cefcd0af7458bdeff56a9d8dfc6868ce23d128a", "status": "affected", "versionType": "git"}, {"version": "fe0b474974fee7af1df286e0edd5a1460c811865", "lessThan": "b4878ea99f2b40ef1925720b1b4ca7f4af1ba785", "status": "affected", "versionType": "git"}, {"version": "879fe60fccd5406ac75067750c3b7c22097eed49", "lessThan": "f9977e4e0cd98a5f06f2492b4f3547db58deabf5", "status": "affected", "versionType": "git"}, {"version": "c1d8c429e4d2ce85ec5c92cf71cb419baf75c56f", "lessThan": "af628d43a822b78ad8d4a58d8259f8bf8bc71115", "status": "affected", "versionType": "git"}, {"version": "8ca148915670a2921afcc255af9e1dc80f37b052", "lessThan": "0a1cb0c6102bb4fd310243588d39461da49497ad", "status": "affected", "versionType": "git"}, {"version": "bafa6b4d95d97877baa61883ff90f7e374427fae", "lessThan": "4a77c3dead97339478c7422eb07bf4bf63577008", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/sunrpc/auth_gss/svcauth_gss.c"], "versions": [{"version": "6.9.3", "lessThan": "6.9.4", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"}, {"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"}, {"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"}, {"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"}, {"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"}, {"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"}, {"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"}, {"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}], "title": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-21T13:05:00.955390Z", "id": "CVE-2024-36288", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:05:08.602Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.682Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:04.682Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-36288", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-21T13:05:00.955390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-21T13:05:05.416Z"}}], "cna": {"title": "SUNRPC: Fix loop termination condition in gss_free_in_token_pages()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ab8466d4e268", "lessThan": "57ff6c0a1759", "versionType": "git"}, {"status": "affected", "version": "4420b73c7f26", "lessThan": "6ed45d20d300", "versionType": "git"}, {"status": "affected", "version": "f148a95f68c6", "lessThan": "4cefcd0af745", "versionType": "git"}, {"status": "affected", "version": "fe0b474974fe", "lessThan": "b4878ea99f2b", "versionType": "git"}, {"status": "affected", "version": "879fe60fccd5", "lessThan": "f9977e4e0cd9", "versionType": "git"}, {"status": "affected", "version": "c1d8c429e4d2", "lessThan": "af628d43a822", "versionType": "git"}, {"status": "affected", "version": "8ca148915670", "lessThan": "0a1cb0c6102b", "versionType": "git"}, {"status": "affected", "version": "bafa6b4d95d9", "lessThan": "4a77c3dead97", "versionType": "git"}], "programFiles": ["net/sunrpc/auth_gss/svcauth_gss.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.9.3", "lessThan": "6.9.4", "versionType": "custom"}], "programFiles": ["net/sunrpc/auth_gss/svcauth_gss.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"}, {"url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"}, {"url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"}, {"url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"}, {"url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"}, {"url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"}, {"url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"}, {"url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:47:00.331Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36288", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:37:04.682Z", "dateReserved": "2024-06-21T11:16:40.621Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T11:18:46.152Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "329978FD-8C0A-434C-8A41-06341C7675F9", "versionEndExcluding": "6.9.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C40DD2D9-90E3-4E95-9F1A-E7C680F11F2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\n\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\n\n KASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: SUNRPC: corrigi\u00f3 la condici\u00f3n de terminaci\u00f3n del bucle en gss_free_in_token_pages() La matriz in_token->pages[] no tiene terminaci\u00f3n NULL. Esto da como resultado el siguiente s\u00edmbolo KASAN: KASAN: quiz\u00e1s acceso a memoria salvaje en el rango [0x04a2013400000008-0x04a201340000000f]"}], "id": "CVE-2024-36288", "lastModified": "2024-11-21T09:21:59.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-21T12:15:10.967", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/0a1cb0c6102bb4fd310243588d39461da49497ad"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/4a77c3dead97339478c7422eb07bf4bf63577008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/4cefcd0af7458bdeff56a9d8dfc6868ce23d128a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/57ff6c0a175930856213b2aa39f8c845a53e5b1c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/6ed45d20d30005bed94c8c527ce51d5ad8121018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/af628d43a822b78ad8d4a58d8259f8bf8bc71115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/b4878ea99f2b40ef1925720b1b4ca7f4af1ba785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/f9977e4e0cd98a5f06f2492b4f3547db58deabf5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: SUNRPC: Fix loop termination condition in gss_free_in_token_pages()", "id": "2293645", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293645"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-119", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nSUNRPC: Fix loop termination condition in gss_free_in_token_pages()\nThe in_token->pages[] array is not NULL terminated. This results in\nthe following KASAN splat:\nKASAN: maybe wild-memory-access in range [0x04a2013400000008-0x04a201340000000f]"], "name": "CVE-2024-36288", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-36288\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36288\nhttps://lore.kernel.org/linux-cve-announce/2024062150-CVE-2024-36288-d24a@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.9.4, kernel 6.10-rc3"}